feat(clerk-js,types,shared): Introduce force and fallback redirect urls (#3162)

Author: nikosdouvlis

.changeset/friendly-masks-obey.md

@@ -0,0 +1,7 @@
+---
+'@clerk/clerk-js': patch
+'@clerk/shared': patch
+'@clerk/types': patch
+---
+
+Introduce forceRedirectUrl and fallbackRedirectUrl

.github/workflows/release.yml

@@ -49,7 +49,7 @@ jobs:
           playwright-enabled: true # Must be present to enable caching on branched workflows
 
       - name: Build release
-        run: npx turbo build $TURBO_ARGS --force
+        run: npx turbo build $TURBO_ARGS --force --filter=!elements
 
       - name: Create Release PR
         id: changesets

integration/playwright.config.ts

@@ -43,10 +43,10 @@ export default defineConfig({
       use: { ...devices['Desktop Chrome'], channel: 'chrome' },
       dependencies: ['setup'],
     },
-    {
-      name: 'webkit',
-      use: { ...devices['Desktop Safari'] },
-      dependencies: ['setup'],
-    },
+    // {
+    //   name: 'webkit',
+    //   use: { ...devices['Desktop Safari'] },
+    //   dependencies: ['setup'],
+    // },
   ],
 });

integration/tests/navigation.test.ts

@@ -112,7 +112,7 @@ export default function Page() {
 
     await u.po.signIn.getGoToSignUp().click();
     await u.po.signUp.waitForMounted();
-    await u.page.waitForURL(`${app.serverUrl}/sign-up?redirect_url=${encodeURIComponent(app.serverUrl + '/')}`);
+    await u.page.waitForURL(`${app.serverUrl}/sign-up`);
 
     await page.goBack();
     await u.po.signIn.waitForMounted();

package.json

@@ -9,7 +9,7 @@
     ]
   },
   "scripts": {
-    "build": "FORCE_COLOR=1 turbo build --concurrency=${TURBO_CONCURRENCY:-80%}",
+    "build": "FORCE_COLOR=1 turbo build --concurrency=${TURBO_CONCURRENCY:-80%} --filter=!@clerk/elements",
     "bundlewatch": "turbo bundlewatch",
     "changeset": "changeset",
     "changeset:empty": "npm run changeset -- --empty",
@@ -28,7 +28,7 @@
     "release:canary": "changeset publish --tag canary --no-git-tag",
     "release:snapshot": "changeset publish --tag snapshot --no-git-tag",
     "release:verdaccio": "if [ \"$(npm config get registry)\" = \"https://registry.npmjs.org/\" ]; then echo 'Error: Using default registry' && exit 1; else TURBO_CONCURRENCY=1 npm run build && changeset publish --no-git-tag; fi",
-    "test": "FORCE_COLOR=1 turbo test --concurrency=${TURBO_CONCURRENCY:-80%}",
+    "test": "FORCE_COLOR=1 turbo test --concurrency=${TURBO_CONCURRENCY:-80%} --filter=!@clerk/elements",
     "test:cache:clear": "FORCE_COLOR=1 turbo test:cache:clear --continue --concurrency=${TURBO_CONCURRENCY:-80%}",
     "test:integration:ap-flows": "npm run test:integration:base -- --grep @ap-flows",
     "test:integration:base": "DEBUG=1 npx playwright test --config integration/playwright.config.ts",

packages/clerk-js/src/core/__tests__/clerk.redirects.test.ts

@@ -122,20 +122,36 @@ describe('Clerk singleton - Redirects', () => {
         mockEnvironmentFetch.mockRestore();
       });
 
-      it('redirects to signInUrl', async () => {
-        await clerkForProductionInstance.redirectToSignIn({ redirectUrl: 'https://www.example.com/' });
+      it('redirects to signInUrl for development instance', async () => {
         await clerkForDevelopmentInstance.redirectToSignIn({ redirectUrl: 'https://www.example.com/' });
+        expect(mockNavigate).toHaveBeenCalledWith(
+          '/sign-in#/?redirect_url=https%3A%2F%2Fwww.example.com%2F',
+          undefined,
+        );
+      });
 
-        expect(mockNavigate.mock.calls[0][0]).toBe('/sign-in#/?redirect_url=https%3A%2F%2Fwww.example.com%2F');
-        expect(mockNavigate.mock.calls[1][0]).toBe('/sign-in#/?redirect_url=https%3A%2F%2Fwww.example.com%2F');
+      it('redirects to signInUrl for production instance', async () => {
+        await clerkForProductionInstance.redirectToSignIn({ redirectUrl: 'https://www.example.com/' });
+        expect(mockNavigate).toHaveBeenCalledWith(
+          '/sign-in#/?redirect_url=https%3A%2F%2Fwww.example.com%2F',
+          undefined,
+        );
       });
 
-      it('redirects to signUpUrl', async () => {
-        await clerkForProductionInstance.redirectToSignUp({ redirectUrl: 'https://www.example.com/' });
+      it('redirects to signUpUrl for development instance', async () => {
         await clerkForDevelopmentInstance.redirectToSignUp({ redirectUrl: 'https://www.example.com/' });
+        expect(mockNavigate).toHaveBeenCalledWith(
+          '/sign-up#/?redirect_url=https%3A%2F%2Fwww.example.com%2F',
+          undefined,
+        );
+      });
 
-        expect(mockNavigate.mock.calls[0][0]).toBe('/sign-up#/?redirect_url=https%3A%2F%2Fwww.example.com%2F');
-        expect(mockNavigate.mock.calls[1][0]).toBe('/sign-up#/?redirect_url=https%3A%2F%2Fwww.example.com%2F');
+      it('redirects to signUpUrl for production instance', async () => {
+        await clerkForProductionInstance.redirectToSignUp({ redirectUrl: 'https://www.example.com/' });
+        expect(mockNavigate).toHaveBeenCalledWith(
+          '/sign-up#/?redirect_url=https%3A%2F%2Fwww.example.com%2F',
+          undefined,
+        );
       });
 
       it('redirects to userProfileUrl', async () => {
@@ -203,29 +219,34 @@ describe('Clerk singleton - Redirects', () => {
 
       const host = 'http://another-test.host';
 
-      it('redirects to signInUrl', async () => {
-        await clerkForProductionInstance.redirectToSignIn({ redirectUrl: 'https://www.example.com/' });
+      it('redirects to signInUrl for development instance', async () => {
         await clerkForDevelopmentInstance.redirectToSignIn({ redirectUrl: 'https://www.example.com/' });
-
-        expect(mockHref).toHaveBeenNthCalledWith(1, `${host}/sign-in#/?redirect_url=https%3A%2F%2Fwww.example.com%2F`);
-
-        expect(mockHref).toHaveBeenNthCalledWith(
-          2,
+        expect(mockHref).toHaveBeenCalledTimes(1);
+        expect(mockHref).toHaveBeenCalledWith(
           `${host}/sign-in?__clerk_db_jwt=deadbeef#/?redirect_url=https%3A%2F%2Fwww.example.com%2F`,
         );
       });
 
-      it('redirects to signUpUrl', async () => {
-        await clerkForProductionInstance.redirectToSignUp({ redirectUrl: 'https://www.example.com/' });
-        await clerkForDevelopmentInstance.redirectToSignUp({ redirectUrl: 'https://www.example.com/' });
+      it('redirects to signInUrl for production instance', async () => {
+        await clerkForProductionInstance.redirectToSignIn({ redirectUrl: 'https://www.example.com/' });
+        expect(mockHref).toHaveBeenCalledTimes(1);
+        expect(mockHref).toHaveBeenCalledWith(`${host}/sign-in#/?redirect_url=https%3A%2F%2Fwww.example.com%2F`);
+      });
 
-        expect(mockHref).toHaveBeenNthCalledWith(1, `${host}/sign-up#/?redirect_url=https%3A%2F%2Fwww.example.com%2F`);
-        expect(mockHref).toHaveBeenNthCalledWith(
-          2,
+      it('redirects to signUpUrl for development instance', async () => {
+        await clerkForDevelopmentInstance.redirectToSignUp({ redirectUrl: 'https://www.example.com/' });
+        expect(mockHref).toHaveBeenCalledTimes(1);
+        expect(mockHref).toHaveBeenCalledWith(
           `${host}/sign-up?__clerk_db_jwt=deadbeef#/?redirect_url=https%3A%2F%2Fwww.example.com%2F`,
         );
       });
 
+      it('redirects to signUpUrl for production instance', async () => {
+        await clerkForProductionInstance.redirectToSignUp({ redirectUrl: 'https://www.example.com/' });
+        expect(mockHref).toHaveBeenCalledTimes(1);
+        expect(mockHref).toHaveBeenCalledWith(`${host}/sign-up#/?redirect_url=https%3A%2F%2Fwww.example.com%2F`);
+      });
+
       it('redirects to userProfileUrl', async () => {
         await clerkForProductionInstance.redirectToUserProfile();
         await clerkForDevelopmentInstance.redirectToUserProfile();

packages/clerk-js/src/core/__tests__/clerk.test.ts

@@ -981,7 +981,7 @@ describe('Clerk singleton', () => {
       });
     });
 
-    it('redirects the user to the afterSignInUrl if one was provided', async () => {
+    it('redirects the user to the signInForceRedirectUrl if one was provided', async () => {
       mockEnvironmentFetch.mockReturnValue(
         Promise.resolve({
           authConfig: {},
@@ -1028,15 +1028,15 @@ describe('Clerk singleton', () => {
       sut.setActive = mockSetActive as any;
 
       sut.handleRedirectCallback({
-        redirectUrl: '/custom-sign-in',
+        signInForceRedirectUrl: '/custom-sign-in',
       });
 
       await waitFor(() => {
         expect(mockNavigate.mock.calls[0][0]).toBe('/custom-sign-in');
       });
     });
 
-    it('gives priority to afterSignInUrl if afterSignInUrl and redirectUrl were provided ', async () => {
+    it('gives priority to signInForceRedirectUrl if signInForceRedirectUrl and signInFallbackRedirectUrl were provided ', async () => {
       mockEnvironmentFetch.mockReturnValue(
         Promise.resolve({
           authConfig: {},
@@ -1083,8 +1083,8 @@ describe('Clerk singleton', () => {
       sut.setActive = mockSetActive as any;
 
       sut.handleRedirectCallback({
-        afterSignInUrl: '/custom-sign-in',
-        redirectUrl: '/redirect-to',
+        signInForceRedirectUrl: '/custom-sign-in',
+        signInFallbackRedirectUrl: '/redirect-to',
       } as any);
 
       await waitFor(() => {

packages/clerk-js/src/core/clerk.ts

@@ -37,7 +37,6 @@ import type {
   OrganizationProfileProps,
   OrganizationResource,
   OrganizationSwitcherProps,
-  RedirectOptions,
   Resources,
   SDKMetadata,
   SetActiveParams,
@@ -59,7 +58,6 @@ import type {
 
 import type { MountComponentRenderer } from '../ui/Components';
 import {
-  appendAsQueryParams,
   buildURL,
   completeSignUpFlow,
   createAllowedRedirectOrigins,
@@ -77,17 +75,16 @@ import {
   isRedirectForFAPIInitiatedFlow,
   noOrganizationExists,
   noUserExists,
-  pickRedirectionProp,
   removeClerkQueryParam,
   requiresUserInput,
   sessionExistsAndSingleSessionModeEnabled,
   stripOrigin,
-  stripSameOrigin,
-  toURL,
   windowNavigate,
 } from '../utils';
+import { assertNoLegacyProp } from '../utils/assertNoLegacyProp';
 import { getClientUatCookie } from '../utils/cookies/clientUat';
 import { memoizeListenerCallback } from '../utils/memoizeStateListenerCallback';
+import { RedirectUrls } from '../utils/redirectUrls';
 import { CLERK_SATELLITE_URL, CLERK_SYNCED, ERROR_CODES } from './constants';
 import type { DevBrowser } from './devBrowser';
 import { createDevBrowser } from './devBrowser';
@@ -133,9 +130,11 @@ const defaultOptions: ClerkOptions = {
   isSatellite: false,
   signInUrl: undefined,
   signUpUrl: undefined,
-  afterSignInUrl: undefined,
-  afterSignUpUrl: undefined,
   afterSignOutUrl: undefined,
+  signInFallbackRedirectUrl: undefined,
+  signUpFallbackRedirectUrl: undefined,
+  signInForceRedirectUrl: undefined,
+  signUpForceRedirectUrl: undefined,
 };
 
 export class Clerk implements ClerkInterface {
@@ -276,6 +275,8 @@ export class Clerk implements ClerkInterface {
       ...options,
     };
 
+    assertNoLegacyProp(this.#options);
+
     if (this.#options.sdkMetadata) {
       Clerk.sdkMetadata = this.#options.sdkMetadata;
     }
@@ -827,11 +828,17 @@ export class Clerk implements ClerkInterface {
   }
 
   public buildSignInUrl(options?: SignInRedirectOptions): string {
-    return this.#buildUrl('signInUrl', options);
+    return this.#buildUrl('signInUrl', {
+      ...options?.initialValues,
+      redirect_url: options?.redirectUrl || window.location.href,
+    });
   }
 
   public buildSignUpUrl(options?: SignUpRedirectOptions): string {
-    return this.#buildUrl('signUpUrl', options);
+    return this.#buildUrl('signUpUrl', {
+      ...options?.initialValues,
+      redirect_url: options?.redirectUrl || window.location.href,
+    });
   }
 
   public buildUserProfileUrl(): string {
@@ -849,19 +856,11 @@ export class Clerk implements ClerkInterface {
   }
 
   public buildAfterSignInUrl(): string {
-    if (!this.#options.afterSignInUrl) {
-      return '/';
-    }
-
-    return this.buildUrlWithAuth(this.#options.afterSignInUrl);
+    return this.buildUrlWithAuth(new RedirectUrls(this.#options).getAfterSignInUrl());
   }
 
   public buildAfterSignUpUrl(): string {
-    if (!this.#options.afterSignUpUrl) {
-      return '/';
-    }
-
-    return this.buildUrlWithAuth(this.#options.afterSignUpUrl);
+    return this.buildUrlWithAuth(new RedirectUrls(this.#options).getAfterSignUpUrl());
   }
 
   public buildAfterSignOutUrl(): string {
@@ -1062,9 +1061,9 @@ export class Clerk implements ClerkInterface {
         buildURL({ base: displayConfig.signInUrl, hashPath: '/reset-password' }, { stringify: true }),
     );
 
-    const navigateAfterSignIn = makeNavigate(params.afterSignInUrl || params.redirectUrl || '/');
-
-    const navigateAfterSignUp = makeNavigate(params.afterSignUpUrl || params.redirectUrl || '/');
+    const redirectUrls = new RedirectUrls(this.#options, params);
+    const navigateAfterSignIn = makeNavigate(redirectUrls.getAfterSignInUrl());
+    const navigateAfterSignUp = makeNavigate(redirectUrls.getAfterSignUpUrl());
 
     const navigateToContinueSignUp = makeNavigate(
       params.continueSignUpUrl ||
@@ -1090,7 +1089,6 @@ export class Clerk implements ClerkInterface {
 
     const userExistsButNeedsToSignIn =
       su.externalAccountStatus === 'transferable' && su.externalAccountErrorCode === 'external_account_exists';
-
     if (userExistsButNeedsToSignIn) {
       const res = await signIn.create({ transfer: true });
       switch (res.status) {
@@ -1644,31 +1642,13 @@ export class Clerk implements ClerkInterface {
     });
   };
 
-  #buildUrl = (key: 'signInUrl' | 'signUpUrl', options?: SignInRedirectOptions | SignUpRedirectOptions): string => {
-    if (!this.loaded || !this.#environment || !this.#environment.displayConfig) {
+  #buildUrl = (key: 'signInUrl' | 'signUpUrl', params?: Record<string, string>): string => {
+    if (!key || !this.loaded || !this.#environment || !this.#environment.displayConfig) {
       return '';
     }
-
-    const signInOrUpUrl = pickRedirectionProp(
-      key,
-      { options: this.#options, displayConfig: this.#environment.displayConfig },
-      false,
-    );
-
-    const urls: RedirectOptions = {
-      afterSignInUrl: pickRedirectionProp('afterSignInUrl', { ctx: options, options: this.#options }, false),
-      afterSignUpUrl: pickRedirectionProp('afterSignUpUrl', { ctx: options, options: this.#options }, false),
-      redirectUrl: options?.redirectUrl || window.location.href,
-    };
-
-    (Object.keys(urls) as Array<keyof typeof urls>).forEach(function (key) {
-      const url = urls[key];
-      if (url) {
-        urls[key] = stripSameOrigin(toURL(url), toURL(signInOrUpUrl));
-      }
-    });
-
-    return this.buildUrlWithAuth(appendAsQueryParams(signInOrUpUrl, { ...urls, ...options?.initialValues }));
+    const signInOrUpUrl = this.#options[key] || this.#environment.displayConfig[key];
+    const redirectUrls = new RedirectUrls(this.#options, params);
+    return this.buildUrlWithAuth(redirectUrls.appendPreservedPropsToUrl(signInOrUpUrl, params));
   };
 
   assertComponentsReady(controls: unknown): asserts controls is ReturnType<MountComponentRenderer> {

packages/clerk-js/src/core/constants.ts

@@ -1,4 +1,11 @@
-export const PRESERVED_QUERYSTRING_PARAMS = ['after_sign_in_url', 'after_sign_up_url', 'redirect_url'];
+// TODO: Do we still have a use for this or can we simply preserve all params?
+export const PRESERVED_QUERYSTRING_PARAMS = [
+  'redirect_url',
+  'sign_in_force_redirect_url',
+  'sign_in_fallback_redirect_url',
+  'sign_up_force_redirect_url',
+  'sign_up_fallback_redirect_url',
+];
 
 export const CLERK_MODAL_STATE = '__clerk_modal_state';
 export const CLERK_SYNCED = '__clerk_synced';

packages/clerk-js/src/ui/components/SignIn/SignIn.tsx

@@ -44,9 +44,8 @@ function SignInRoutes(): JSX.Element {
           <SignInSSOCallback
             signUpUrl={signInContext.signUpUrl}
             signInUrl={signInContext.signInUrl}
-            afterSignInUrl={signInContext.afterSignInUrl}
-            afterSignUpUrl={signInContext.afterSignUpUrl}
-            redirectUrl={signInContext.redirectUrl}
+            signInForceRedirectUrl={signInContext.afterSignInUrl}
+            signUpForceRedirectUrl={signInContext.afterSignUpUrl}
             continueSignUpUrl={signInContext.signUpContinueUrl}
             firstFactorUrl={'../factor-one'}
             secondFactorUrl={'../factor-two'}
@@ -58,7 +57,7 @@ function SignInRoutes(): JSX.Element {
         </Route>
         <Route path='verify'>
           <SignInEmailLinkFlowComplete
-            redirectUrlComplete={signInContext.afterSignInUrl || signInContext.redirectUrl || undefined}
+            redirectUrlComplete={signInContext.afterSignInUrl}
             redirectUrl='../factor-two'
           />
         </Route>

packages/clerk-js/src/ui/components/SignIn/__tests__/SignInStart.test.tsx

@@ -199,7 +199,7 @@ describe('SignInStart', () => {
       expect(fixtures.signIn.create).toHaveBeenCalled();
       expect(fixtures.signIn.authenticateWithRedirect).toHaveBeenCalledWith({
         strategy: 'saml',
-        redirectUrl: 'http://localhost/#/sso-callback?redirect_url=http%3A%2F%2Flocalhost%2F',
+        redirectUrl: 'http://localhost/#/sso-callback',
         redirectUrlComplete: '/',
       });
     });

packages/clerk-js/src/ui/components/SignUp/SignUp.tsx

@@ -42,9 +42,8 @@ function SignUpRoutes(): JSX.Element {
           <SignUpSSOCallback
             signUpUrl={signUpContext.signUpUrl}
             signInUrl={signUpContext.signInUrl}
-            afterSignUpUrl={signUpContext.afterSignUpUrl}
-            afterSignInUrl={signUpContext.afterSignInUrl}
-            redirectUrl={signUpContext.redirectUrl}
+            signUpForceRedirectUrl={signUpContext.afterSignUpUrl}
+            signInForceRedirectUrl={signUpContext.afterSignInUrl}
             secondFactorUrl={signUpContext.secondFactorUrl}
             continueSignUpUrl='../continue'
             verifyEmailAddressUrl='../verify-email-address'
@@ -53,7 +52,7 @@ function SignUpRoutes(): JSX.Element {
         </Route>
         <Route path='verify'>
           <SignUpEmailLinkFlowComplete
-            redirectUrlComplete={signUpContext.afterSignUpUrl || signUpContext.redirectUrl || undefined}
+            redirectUrlComplete={signUpContext.afterSignUpUrl}
             verifyEmailPath='../verify-email-address'
             verifyPhonePath='../verify-phone-number'
           />

packages/clerk-js/src/ui/contexts/ClerkUIComponentsContext.tsx

@@ -4,7 +4,9 @@ import type { OrganizationResource, UserResource } from '@clerk/types';
 import React, { useMemo } from 'react';
 
 import { SIGN_IN_INITIAL_VALUE_KEYS, SIGN_UP_INITIAL_VALUE_KEYS } from '../../core/constants';
-import { buildAuthQueryString, buildURL, createDynamicParamParser, pickRedirectionProp } from '../../utils';
+import { buildURL, createDynamicParamParser } from '../../utils';
+import { assertNoLegacyProp } from '../../utils/assertNoLegacyProp';
+import { RedirectUrls } from '../../utils/redirectUrls';
 import { ORGANIZATION_PROFILE_NAVBAR_ROUTE_ID } from '../constants';
 import { useEnvironment, useOptions } from '../contexts';
 import type { NavbarRoute } from '../elements';
@@ -48,6 +50,8 @@ export type SignUpContextType = SignUpCtx & {
   signUpUrl: string;
   secondFactorUrl: string;
   authQueryString: string | null;
+  afterSignUpUrl: string;
+  afterSignInUrl: string;
 };
 
 export const useSignUpContext = (): SignUpContextType => {
@@ -58,54 +62,41 @@ export const useSignUpContext = (): SignUpContextType => {
   const options = useOptions();
   const clerk = useClerk();
 
+  assertNoLegacyProp(options);
+  assertNoLegacyProp(ctx);
+
   const initialValuesFromQueryParams = useMemo(
     () => getInitialValuesFromQueryParams(queryString, SIGN_UP_INITIAL_VALUE_KEYS),
     [],
   );
 
+  const redirectUrls = new RedirectUrls(
+    options,
+    {
+      ...ctx,
+      signUpFallbackRedirectUrl: ctx.fallbackRedirectUrl,
+      signUpForceRedirectUrl: ctx.forceRedirectUrl,
+    },
+    queryParams,
+  );
+
   if (componentName !== 'SignUp') {
     throw new Error('Clerk: useSignUpContext called outside of the mounted SignUp component.');
   }
 
-  const afterSignUpUrl = clerk.buildUrlWithAuth(
-    pickRedirectionProp('afterSignUpUrl', {
-      queryParams,
-      ctx,
-      options,
-    }) || '/',
-  );
-
-  const afterSignInUrl = clerk.buildUrlWithAuth(
-    pickRedirectionProp('afterSignInUrl', {
-      queryParams,
-      ctx,
-      options,
-    }) || '/',
-  );
+  const afterSignUpUrl = clerk.buildUrlWithAuth(redirectUrls.getAfterSignUpUrl());
+  const afterSignInUrl = clerk.buildUrlWithAuth(redirectUrls.getAfterSignInUrl());
 
   const navigateAfterSignUp = () => navigate(afterSignUpUrl);
 
-  // Add query strings to the sign in URL
-  const authQs = buildAuthQueryString({
-    afterSignInUrl: afterSignInUrl,
-    afterSignUpUrl: afterSignUpUrl,
-    displayConfig: displayConfig,
-  });
-
   // The `ctx` object here refers to the SignUp component's props.
   // SignUp's own options won't have a `signUpUrl` property, so we have to get the value
   // from the `path` prop instead, when the routing is set to 'path'.
-  let signUpUrl =
-    (ctx.routing === 'path' ? ctx.path : undefined) ||
-    pickRedirectionProp('signUpUrl', { options, displayConfig }, false);
-  if (authQs && ctx.routing !== 'virtual') {
-    signUpUrl += `#/?${authQs}`;
-  }
+  let signUpUrl = (ctx.routing === 'path' && ctx.path) || options.signUpUrl || displayConfig.signUpUrl;
+  let signInUrl = ctx.signInUrl || options.signInUrl || displayConfig.signInUrl;
 
-  let signInUrl = pickRedirectionProp('signInUrl', { ctx, options, displayConfig }, false);
-  if (authQs && ctx.routing !== 'virtual') {
-    signInUrl += `#/?${authQs}`;
-  }
+  signUpUrl = redirectUrls.appendPreservedPropsToUrl(signUpUrl, queryParams);
+  signInUrl = redirectUrls.appendPreservedPropsToUrl(signInUrl, queryParams);
 
   // TODO: Avoid building this url again to remove duplicate code. Get it from window.Clerk instead.
   const secondFactorUrl = buildURL({ base: signInUrl, hashPath: '/factor-two' }, { stringify: true });
@@ -121,7 +112,7 @@ export const useSignUpContext = (): SignUpContextType => {
     navigateAfterSignUp,
     queryParams,
     initialValues: { ...ctx.initialValues, ...initialValuesFromQueryParams },
-    authQueryString: authQs,
+    authQueryString: redirectUrls.toSearchParams().toString(),
   };
 };
 
@@ -132,6 +123,8 @@ export type SignInContextType = SignInCtx & {
   signInUrl: string;
   signUpContinueUrl: string;
   authQueryString: string | null;
+  afterSignUpUrl: string;
+  afterSignInUrl: string;
 };
 
 export const useSignInContext = (): SignInContextType => {
@@ -142,55 +135,41 @@ export const useSignInContext = (): SignInContextType => {
   const options = useOptions();
   const clerk = useClerk();
 
+  assertNoLegacyProp(options);
+  assertNoLegacyProp(ctx);
+
   const initialValuesFromQueryParams = useMemo(
     () => getInitialValuesFromQueryParams(queryString, SIGN_IN_INITIAL_VALUE_KEYS),
     [],
   );
 
+  const redirectUrls = new RedirectUrls(
+    options,
+    {
+      ...ctx,
+      signInFallbackRedirectUrl: ctx.fallbackRedirectUrl,
+      signInForceRedirectUrl: ctx.forceRedirectUrl,
+    },
+    queryParams,
+  );
+
   if (componentName !== 'SignIn') {
     throw new Error('Clerk: useSignInContext called outside of the mounted SignIn component.');
   }
 
-  const afterSignUpUrl = clerk.buildUrlWithAuth(
-    pickRedirectionProp('afterSignUpUrl', {
-      queryParams,
-      ctx,
-      options,
-    }) || '/',
-  );
-
-  const afterSignInUrl = clerk.buildUrlWithAuth(
-    pickRedirectionProp('afterSignInUrl', {
-      queryParams,
-      ctx,
-      options,
-    }) || '/',
-  );
+  const afterSignInUrl = clerk.buildUrlWithAuth(redirectUrls.getAfterSignInUrl());
+  const afterSignUpUrl = clerk.buildUrlWithAuth(redirectUrls.getAfterSignUpUrl());
 
   const navigateAfterSignIn = () => navigate(afterSignInUrl);
 
-  // Add query strings to the sign in URL
-  const authQs = buildAuthQueryString({
-    afterSignInUrl: afterSignInUrl,
-    afterSignUpUrl: afterSignUpUrl,
-    displayConfig: displayConfig,
-  });
-
-  let signUpUrl = pickRedirectionProp('signUpUrl', { ctx, options, displayConfig }, false);
-  if (authQs && ctx.routing !== 'virtual') {
-    signUpUrl += `#/?${authQs}`;
-  }
-
   // The `ctx` object here refers to the SignIn component's props.
   // SignIn's own options won't have a `signInUrl` property, so we have to get the value
   // from the `path` prop instead, when the routing is set to 'path'.
-  let signInUrl =
-    (ctx.routing === 'path' ? ctx.path : undefined) ||
-    pickRedirectionProp('signInUrl', { options, displayConfig }, false);
-  if (authQs && ctx.routing !== 'virtual') {
-    signInUrl += `#/?${authQs}`;
-  }
+  let signInUrl = (ctx.routing === 'path' && ctx.path) || options.signInUrl || displayConfig.signInUrl;
+  let signUpUrl = ctx.signUpUrl || options.signUpUrl || displayConfig.signUpUrl;
 
+  signInUrl = redirectUrls.appendPreservedPropsToUrl(signInUrl, queryParams);
+  signUpUrl = redirectUrls.appendPreservedPropsToUrl(signUpUrl, queryParams);
   const signUpContinueUrl = buildURL({ base: signUpUrl, hashPath: '/continue' }, { stringify: true });
 
   return {
@@ -204,7 +183,7 @@ export const useSignInContext = (): SignInContextType => {
     signUpContinueUrl,
     queryParams,
     initialValues: { ...ctx.initialValues, ...initialValuesFromQueryParams },
-    authQueryString: authQs,
+    authQueryString: redirectUrls.toSearchParams().toString(),
   };
 };
 
@@ -266,7 +245,7 @@ export const useUserButtonContext = () => {
     throw new Error('Clerk: useUserButtonContext called outside of the mounted UserButton component.');
   }
 
-  const signInUrl = pickRedirectionProp('signInUrl', { ctx, options, displayConfig }, false);
+  const signInUrl = ctx.signInUrl || options.signInUrl || displayConfig.signInUrl;
   const userProfileUrl = ctx.userProfileUrl || displayConfig.userProfileUrl;
 
   const afterSignOutUrl = ctx.afterSignOutUrl || clerk.buildAfterSignOutUrl();

packages/clerk-js/src/ui/portal/index.tsx

@@ -5,7 +5,7 @@ import ReactDOM from 'react-dom';
 import { PRESERVED_QUERYSTRING_PARAMS } from '../../core/constants';
 import { clerkErrorPathRouterMissingPath } from '../../core/errors';
 import { buildVirtualRouterUrl } from '../../utils';
-import { normalizeRoutingOptions } from '../../utils/authPropHelpers';
+import { normalizeRoutingOptions } from '../../utils/normalizeRoutingOptions';
 import { ComponentContext } from '../contexts';
 import { HashRouter, PathRouter, VirtualRouter } from '../router';
 import type { AvailableComponentCtx } from '../types';

packages/clerk-js/src/utils/__tests__/authPropHelpers.test.ts

@@ -0,0 +1,270 @@
+import { snakeToCamel } from '@clerk/shared/underscore';
+import type { RedirectOptions } from '@clerk/types';
+
+import { RedirectUrls } from '../redirectUrls';
+
+const oldWindowLocation = window.location;
+
+describe('redirectUrls', () => {
+  let mockWindowLocation: Window['location'];
+
+  beforeEach(() => {
+    mockWindowLocation = new URL('https://www.clerk.com') as any as Window['location'];
+    Object.defineProperty(global.window, 'location', { value: mockWindowLocation });
+  });
+
+  afterAll(() => {
+    Object.defineProperty(global.window, 'location', {
+      value: oldWindowLocation,
+    });
+  });
+
+  describe('parse input values', () => {
+    it('parses options or props', () => {
+      const options: [keyof RedirectOptions, string][] = [
+        ['signInForceRedirectUrl', 'sign-in-force-redirect-url'],
+        ['signInFallbackRedirectUrl', 'sign-in-fallback-redirect'],
+        ['signUpForceRedirectUrl', 'sign-up-force-redirect'],
+        ['signUpFallbackRedirectUrl', 'sign-up-fallback-redirect'],
+      ];
+
+      // test options (first param)
+      for (const [k, v] of options) {
+        const redirectUrls = new RedirectUrls({ [k]: v });
+        // @ts-expect-error ignoring private modifier
+        expect(redirectUrls.fromOptions[k]).toBe(`${mockWindowLocation.href}${v}`);
+      }
+
+      // test props (second param)
+      for (const [k, v] of options) {
+        const redirectUrls = new RedirectUrls({}, { [k]: v });
+        // @ts-expect-error ignoring private modifier
+        expect(redirectUrls.fromProps[k]).toBe(`${mockWindowLocation.href}${v}`);
+      }
+    });
+
+    it('parses search params', () => {
+      const params = [
+        ['sign_in_force_redirect_url', 'sign-in-force-redirect'],
+        ['sign_in_fallback_redirect_url', 'sign-in-fallback-redirect'],
+        ['sign_up_force_redirect_url', 'sign-up-force-redirect'],
+        ['sign_up_fallback_redirect_url', 'sign-up-fallback-redirect'],
+      ];
+
+      for (const [key, val] of params) {
+        const redirectUrls = new RedirectUrls({}, {}, { [key]: val });
+        // @ts-expect-error ignoring private modifier
+        expect(redirectUrls.fromSearchParams[snakeToCamel(key)]).toBe(`${mockWindowLocation.href}${val}`);
+      }
+    });
+
+    it('filters origins that are not allowed', () => {
+      const redirectUrls = new RedirectUrls(
+        {
+          allowedRedirectOrigins: ['https://www.clerk.com'],
+          // This would take priority but its not allowed
+          signInForceRedirectUrl: 'https://www.other.com/sign-in-force-redirect-url',
+        },
+        {
+          // This will be used instead
+          signInForceRedirectUrl: 'https://www.clerk.com/sign-in-force-redirect-url',
+        },
+      );
+
+      expect(redirectUrls.getAfterSignInUrl()).toBe('https://www.clerk.com/sign-in-force-redirect-url');
+    });
+  });
+
+  describe('get redirect urls', () => {
+    it('prioritizes force urls among other urls in the same group', () => {
+      const redirectUrls = new RedirectUrls({
+        signInForceRedirectUrl: 'sign-in-force-redirect-url',
+        signInFallbackRedirectUrl: 'sign-in-fallback-redirect-url',
+        signUpForceRedirectUrl: 'sign-up-force-redirect-url',
+        signUpFallbackRedirectUrl: 'sign-up-fallback-redirect-url',
+      });
+
+      expect(redirectUrls.getAfterSignInUrl()).toBe(`${mockWindowLocation.href}sign-in-force-redirect-url`);
+      expect(redirectUrls.getAfterSignUpUrl()).toBe(`${mockWindowLocation.href}sign-up-force-redirect-url`);
+    });
+
+    it('uses fallback urls if force do not exist', () => {
+      const redirectUrls = new RedirectUrls({
+        signInFallbackRedirectUrl: 'sign-in-fallback-redirect-url',
+        signUpFallbackRedirectUrl: 'sign-up-fallback-redirect-url',
+      });
+      expect(redirectUrls.getAfterSignInUrl()).toBe(`${mockWindowLocation.href}sign-in-fallback-redirect-url`);
+      expect(redirectUrls.getAfterSignUpUrl()).toBe(`${mockWindowLocation.href}sign-up-fallback-redirect-url`);
+    });
+
+    it('prioritizes props over options', () => {
+      const redirectUrls = new RedirectUrls(
+        {
+          signInFallbackRedirectUrl: 'sign-in-fallback-redirect-url',
+          signUpFallbackRedirectUrl: 'sign-up-fallback-redirect-url',
+        },
+        {
+          signInFallbackRedirectUrl: 'prop-sign-in-fallback-redirect-url',
+          signUpFallbackRedirectUrl: 'prop-sign-up-fallback-redirect-url',
+        },
+      );
+      expect(redirectUrls.getAfterSignInUrl()).toBe(`${mockWindowLocation.href}prop-sign-in-fallback-redirect-url`);
+      expect(redirectUrls.getAfterSignUpUrl()).toBe(`${mockWindowLocation.href}prop-sign-up-fallback-redirect-url`);
+    });
+
+    it('prioritizes force even if props take priority over options', () => {
+      const redirectUrls = new RedirectUrls(
+        {
+          signInForceRedirectUrl: 'sign-in-fallback-redirect-url',
+          signUpForceRedirectUrl: 'sign-up-fallback-redirect-url',
+        },
+        {
+          signInFallbackRedirectUrl: 'prop-sign-in-fallback-redirect-url',
+          signUpFallbackRedirectUrl: 'prop-sign-up-fallback-redirect-url',
+        },
+      );
+      expect(redirectUrls.getAfterSignInUrl()).toBe(`${mockWindowLocation.href}sign-in-fallback-redirect-url`);
+      expect(redirectUrls.getAfterSignUpUrl()).toBe(`${mockWindowLocation.href}sign-up-fallback-redirect-url`);
+    });
+
+    it('prioritizes searchParams over all else', () => {
+      const redirectUrls = new RedirectUrls(
+        {
+          signInFallbackRedirectUrl: 'sign-in-fallback-redirect-url',
+          signUpFallbackRedirectUrl: 'sign-up-fallback-redirect-url',
+        },
+        {
+          signInFallbackRedirectUrl: 'prop-sign-in-fallback-redirect-url',
+          signUpFallbackRedirectUrl: 'prop-sign-up-fallback-redirect-url',
+        },
+        {
+          sign_in_fallback_redirect_url: 'search-param-sign-in-fallback-redirect-url',
+          sign_up_fallback_redirect_url: 'search-param-sign-up-fallback-redirect-url',
+        },
+      );
+      expect(redirectUrls.getAfterSignInUrl()).toBe(
+        `${mockWindowLocation.href}search-param-sign-in-fallback-redirect-url`,
+      );
+      expect(redirectUrls.getAfterSignUpUrl()).toBe(
+        `${mockWindowLocation.href}search-param-sign-up-fallback-redirect-url`,
+      );
+    });
+
+    it('prioritizes force even if searchParams exist', () => {
+      const redirectUrls = new RedirectUrls(
+        {
+          signInForceRedirectUrl: 'sign-in-force-redirect-url',
+          signUpForceRedirectUrl: 'sign-up-force-redirect-url',
+        },
+        {
+          signInFallbackRedirectUrl: 'prop-sign-in-fallback-redirect-url',
+          signUpFallbackRedirectUrl: 'prop-sign-up-fallback-redirect-url',
+        },
+        {
+          sign_in_fallback_redirect_url: 'search-param-sign-in-fallback-redirect-url',
+          sign_up_fallback_redirect_url: 'search-param-sign-up-fallback-redirect-url',
+        },
+      );
+      expect(redirectUrls.getAfterSignInUrl()).toBe(`${mockWindowLocation.href}sign-in-force-redirect-url`);
+      expect(redirectUrls.getAfterSignUpUrl()).toBe(`${mockWindowLocation.href}sign-up-force-redirect-url`);
+    });
+
+    it('prioritizes redirect_url from searchParamsover fallback urls', () => {
+      const redirectUrls = new RedirectUrls(
+        {
+          signInFallbackRedirectUrl: 'sign-in-fallback-redirect-url',
+          signUpFallbackRedirectUrl: 'sign-up-fallback-redirect-url',
+        },
+        {
+          signInFallbackRedirectUrl: 'prop-sign-in-fallback-redirect-url',
+          signUpFallbackRedirectUrl: 'prop-sign-up-fallback-redirect-url',
+        },
+        {
+          redirect_url: 'search-param-redirect-url',
+        },
+      );
+      expect(redirectUrls.getAfterSignInUrl()).toBe(`${mockWindowLocation.href}search-param-redirect-url`);
+      expect(redirectUrls.getAfterSignUpUrl()).toBe(`${mockWindowLocation.href}search-param-redirect-url`);
+    });
+  });
+
+  describe('search params', () => {
+    it('appends only the preserved props', () => {
+      const redirectUrls = new RedirectUrls(
+        {
+          signInFallbackRedirectUrl: 'sign-in-fallback-redirect-url',
+        },
+        {
+          signInFallbackRedirectUrl: 'props-sign-in-fallback-redirect-url',
+          signInForceRedirectUrl: 'props-sign-in-force-redirect-url',
+        },
+        {
+          sign_up_fallback_redirect_url: 'search-param-sign-up-fallback-redirect-url',
+          redirect_url: 'search-param-redirect-url',
+        },
+      );
+
+      const params = redirectUrls.toSearchParams();
+      expect([...params.keys()].length).toBe(1);
+      expect(params.get('redirect_url')).toBe(`${mockWindowLocation.href}search-param-redirect-url`);
+    });
+  });
+
+  describe('append to url', () => {
+    it('does not append redirect urls from options to the url if the url is same origin', () => {
+      const redirectUrls = new RedirectUrls({
+        signInFallbackRedirectUrl: 'sign-in-fallback-redirect-url',
+        signUpFallbackRedirectUrl: 'sign-up-fallback-redirect-url',
+      });
+
+      const url = redirectUrls.appendPreservedPropsToUrl('https://www.clerk.com');
+      expect(url).toBe('https://www.clerk.com/');
+    });
+
+    it('appends redirect urls from options to the url if the url is cross origin', () => {
+      const redirectUrls = new RedirectUrls({}, {}, { redirect_url: '/search-param-redirect-url' });
+
+      const url = redirectUrls.appendPreservedPropsToUrl('https://www.example.com');
+      expect(url).toContain('search-param-redirect-url');
+    });
+
+    it('overrides the existing search params', () => {
+      const redirectUrls = new RedirectUrls(
+        {
+          signInFallbackRedirectUrl: 'sign-in-fallback-redirect-url',
+          signUpFallbackRedirectUrl: 'sign-up-fallback-redirect-url',
+        },
+        {},
+        { redirect_url: '/search-param-redirect-url' },
+      );
+
+      const url = redirectUrls.appendPreservedPropsToUrl('https://www.example.com?redirect_url=existing');
+      expect(url).toBe(
+        'https://www.example.com/?redirect_url=existing#/?redirect_url=https%3A%2F%2Fwww.clerk.com%2Fsearch-param-redirect-url',
+      );
+    });
+
+    it('appends redirect urls from props to the url even if the url is same origin', () => {
+      const redirectUrls = new RedirectUrls({}, {}, { redirect_url: '/search-param-redirect-url' });
+
+      const url = redirectUrls.appendPreservedPropsToUrl('https://www.clerk.com');
+      expect(url).toContain('search-param-redirect-url');
+    });
+
+    it('does not append redirect urls from props to the url if the url is same origin if they match the options urls', () => {
+      const redirectUrls = new RedirectUrls(
+        {
+          signInFallbackRedirectUrl: 'sign-in-fallback-redirect-url',
+          signUpFallbackRedirectUrl: 'sign-up-fallback-redirect-url',
+        },
+        {
+          signInFallbackRedirectUrl: 'sign-in-fallback-redirect-url',
+          signUpFallbackRedirectUrl: 'sign-up-fallback-redirect-url',
+        },
+      );
+
+      const url = redirectUrls.appendPreservedPropsToUrl('https://www.clerk.com');
+      expect(url).toBe('https://www.clerk.com/');
+    });
+  });
+});

packages/clerk-js/src/utils/__tests__/redirectUrls.test.ts

@@ -13,8 +13,10 @@ import {
   isDataUri,
   isDevAccountPortalOrigin,
   isRedirectForFAPIInitiatedFlow,
+  isRelativeUrl,
   isValidUrl,
   mergeFragmentIntoUrl,
+  relativeToAbsoluteUrl,
   requiresUserInput,
   trimLeadingSlash,
   trimTrailingSlash,
@@ -59,16 +61,42 @@ describe('isValidUrl(url)', () => {
 });
 
 describe('isValidUrl(url,base)', () => {
+  const cases: Array<[string, boolean]> = [
+    ['', false],
+    ['/', false],
+    ['/test', false],
+    ['/test?clerk=false', false],
+    ['/?clerk=false', false],
+    ['https://www.clerk.com/', true],
+    ['https://www.clerk.com/?test=clerk', true],
+    ['https://www.clerk.com', true],
+    ['https://clerk.com', true],
+    ['https://clerk.com#test', true],
+    ['www.clerk.com/', false],
+    ['www.clerk.com', false],
+    ['www.clerk', false],
+    ['clerk.com', false],
+    ['clerk.com?clerk=yes', false],
+    ['clerk.com#/?clerk=yes', false],
+  ];
+
+  test.each(cases)('.isValidUrl(%s,%s)', (a, expected) => {
+    expect(isValidUrl(a)).toBe(expected);
+  });
+});
+
+describe('isRelativeUrl(url,base)', () => {
   const cases: Array<[string, boolean]> = [
     ['', true],
     ['/', true],
     ['/test', true],
     ['/test?clerk=true', true],
     ['/?clerk=true', true],
+    ['https://www.clerk.com/', false],
   ];
 
-  test.each(cases)('.isValidUrl(%s,%s)', (a, expected) => {
-    expect(isValidUrl(a, { includeRelativeUrls: true })).toBe(expected);
+  test.each(cases)('.isRelativeUrl(%s,%s)', (a, expected) => {
+    expect(isRelativeUrl(a)).toBe(expected);
   });
 });
 
@@ -363,6 +391,7 @@ describe('mergeFragmentIntoUrl(url | string)', () => {
     ['https://test.test/foo?a=a&b=b#/bar?c=c', new URL('https://test.test/foo/bar?a=a&b=b&c=c')],
     ['https://test.test?a=a#/?a=b', new URL('https://test.test?a=b')],
     ['https://test.test/en-US/sign-in#/?a=b', new URL('https://test.test/en-US/sign-in?a=b')],
+    ['https://test.test/en-US/sign-in?a=c#/?a=b', new URL('https://test.test/en-US/sign-in?a=b')],
   ];
 
   test.each(testCases)('url=(%s), expected value=(%s)', (url, expectedParamValue) => {
@@ -457,7 +486,7 @@ describe('isAllowedRedirectOrigin', () => {
   afterAll(() => warnMock.mockRestore());
 
   test.each(cases)('isAllowedRedirectOrigin("%s","%s") === %s', (url, allowedOrigins, expected) => {
-    expect(isAllowedRedirectOrigin(url, allowedOrigins)).toEqual(expected);
+    expect(isAllowedRedirectOrigin(allowedOrigins)(url)).toEqual(expected);
     expect(warnMock).toHaveBeenCalledTimes(Number(!expected)); // Number(boolean) evaluates to 0 or 1
   });
 });
@@ -491,3 +520,18 @@ describe('createAllowedRedirectOrigins', () => {
     expect(allowedRedirectOriginsValues).toEqual(['https://test.host', 'https://*.test.host']);
   });
 });
+
+describe('relativeToAbsoluteUrl', () => {
+  const cases: [string, string, string][] = [
+    ['https://www.clerk.com', '/test', 'https://www.clerk.com/test'],
+    ['https://www.clerk.com', 'test', 'https://www.clerk.com/test'],
+    ['https://www.clerk.com/', '/test', 'https://www.clerk.com/test'],
+    ['https://www.clerk.com/', 'test', 'https://www.clerk.com/test'],
+    ['https://www.clerk.com', 'https://www.clerk.com/test', 'https://www.clerk.com/test'],
+    ['https://www.clerk.com', 'https://www.google.com/test', 'https://www.google.com/test'],
+  ];
+
+  test.each(cases)('relativeToAbsoluteUrl(%s, %s) === %s', (origin, relative, expected) => {
+    expect(relativeToAbsoluteUrl(relative, origin)).toEqual(expected);
+  });
+});

packages/clerk-js/src/utils/__tests__/url.test.ts

@@ -0,0 +1,9 @@
+export function assertNoLegacyProp(props: Record<string, any>) {
+  const legacyProps = ['redirectUrl', 'afterSignInUrl', 'afterSignUpUrl'];
+  const legacyProp = Object.keys(props).find(key => legacyProps.includes(key));
+  if (legacyProp) {
+    throw new Error(
+      `Clerk: The prop "${legacyProp}" is deprecated and should be removed. Use the "afterSignInUrl" and "afterSignUpUrl" props instead.`,
+    );
+  }
+}

packages/clerk-js/src/utils/assertNoLegacyProp.ts

@@ -23,7 +23,7 @@ export * from './web3';
 export * from './windowNavigate';
 export * from './componentGuards';
 export * from './queryStateParams';
-export * from './authPropHelpers';
+export * from './normalizeRoutingOptions';
 export * from './image';
 export * from './captcha';
 export * from './completeSignUpFlow';

packages/clerk-js/src/utils/authPropHelpers.ts

@@ -0,0 +1,21 @@
+import type { RoutingOptions, RoutingStrategy } from '@clerk/types';
+
+import { clerkInvalidRoutingStrategy } from '../core/errors';
+
+export const normalizeRoutingOptions = ({
+  routing,
+  path,
+}: {
+  routing?: RoutingStrategy;
+  path?: string;
+}): RoutingOptions => {
+  if (!!path && !routing) {
+    return { routing: 'path', path };
+  }
+
+  if (routing !== 'path' && !!path) {
+    return clerkInvalidRoutingStrategy(routing);
+  }
+
+  return { routing, path } as RoutingOptions;
+};

packages/clerk-js/src/utils/index.ts

@@ -0,0 +1,106 @@
+import { applyFunctionToObj, filterProps, removeUndefined } from '@clerk/shared/object';
+import { camelToSnake } from '@clerk/shared/underscore';
+import type { ClerkOptions, RedirectOptions } from '@clerk/types';
+import type { ParsedQs } from 'qs';
+
+import { buildURL, isAllowedRedirectOrigin, relativeToAbsoluteUrl } from './url';
+
+export class RedirectUrls {
+  private static keys: (keyof RedirectOptions)[] = [
+    'signInForceRedirectUrl',
+    'signInFallbackRedirectUrl',
+    'signUpForceRedirectUrl',
+    'signUpFallbackRedirectUrl',
+  ];
+
+  private static preserved = ['redirectUrl'];
+
+  private readonly options: ClerkOptions;
+  private readonly fromOptions: RedirectOptions;
+  private readonly fromProps: RedirectOptions;
+  private readonly fromSearchParams: RedirectOptions & { redirectUrl?: string | null };
+
+  constructor(options: ClerkOptions, props: RedirectOptions = {}, searchParams: any = {}) {
+    this.options = options;
+    this.fromOptions = this.#parse(options || {});
+    this.fromProps = this.#parse(props || {});
+    this.fromSearchParams = this.#parseSearchParams(searchParams || {});
+  }
+
+  getAfterSignInUrl() {
+    return this.#getRedirectUrl('signIn');
+  }
+
+  getAfterSignUpUrl() {
+    return this.#getRedirectUrl('signUp');
+  }
+
+  toSearchParams() {
+    return this.#toSearchParams(this.#flattenPreservedProps());
+  }
+
+  appendPreservedPropsToUrl(url: string, _otherParams: ParsedQs = {}) {
+    const params = new URLSearchParams();
+    const otherParams = Object.entries(_otherParams);
+    const redirectParams = [...this.#toSearchParams(this.#flattenPreservedProps()).entries()];
+    // merge with existing search params, if any
+    // redirect params should always win
+    [otherParams, redirectParams].flat().forEach(([key, value]) => {
+      typeof value === 'string' && params.set(key, value);
+    });
+
+    // TODO: A potential future improvement here is to remove the origin from the params we append
+    // if `url` and the param share the same origin
+    return buildURL({ base: url, hashSearch: params.toString() }, { stringify: true });
+  }
+
+  #toSearchParams(obj: Record<string, string | undefined | null>): URLSearchParams {
+    const camelCased = Object.fromEntries(Object.entries(obj).map(([key, value]) => [camelToSnake(key), value]));
+    return new URLSearchParams(removeUndefined(camelCased) as Record<string, string>);
+  }
+
+  #flattenPreservedProps() {
+    return Object.fromEntries(
+      Object.entries({ ...this.fromSearchParams }).filter(([key]) => RedirectUrls.preserved.includes(key)),
+    );
+  }
+
+  #getRedirectUrl(prefix: 'signIn' | 'signUp') {
+    const forceKey = `${prefix}ForceRedirectUrl` as const;
+    const fallbackKey = `${prefix}FallbackRedirectUrl` as const;
+    let result;
+    // Prioritize forceRedirectUrl
+    result = this.fromSearchParams[forceKey] || this.fromProps[forceKey] || this.fromOptions[forceKey];
+    // Try to get redirect_url that only allowed as a search param
+    result ||= this.fromSearchParams.redirectUrl;
+    // Otherwise, fallback to fallbackRedirectUrl
+    result ||= this.fromSearchParams[fallbackKey] || this.fromProps[fallbackKey] || this.fromOptions[fallbackKey];
+    return result || '/';
+  }
+
+  #parse(obj: unknown) {
+    const res = {} as RedirectOptions;
+    RedirectUrls.keys.forEach(key => {
+      // @ts-expect-error
+      res[key] = obj[key];
+    });
+    return this.#toAbsoluteUrls(this.#filterOrigins(res));
+  }
+
+  #parseSearchParams(obj: any) {
+    const res = {} as typeof this.fromSearchParams;
+    RedirectUrls.keys.forEach(key => {
+      res[key] = obj[camelToSnake(key)];
+    });
+    res['redirectUrl'] = obj.redirect_url;
+    return this.#toAbsoluteUrls(this.#filterOrigins(res));
+  }
+
+  #toAbsoluteUrls(obj: RedirectOptions) {
+    return applyFunctionToObj(obj, (url: string) => relativeToAbsoluteUrl(url, window.location.origin));
+  }
+
+  #filterOrigins = (obj: RedirectOptions) => {
+    return filterProps(obj, isAllowedRedirectOrigin(this.options?.allowedRedirectOrigins));
+  };
+}

packages/clerk-js/src/utils/normalizeRoutingOptions.ts

@@ -229,20 +229,38 @@ export function getSearchParameterFromHash({
   return dummyUrlForHash.searchParams.get(paramName);
 }
 
-export function isValidUrl(val: unknown, opts?: { includeRelativeUrls?: boolean }): val is string {
-  const { includeRelativeUrls = false } = opts || {};
-  if (!val && !includeRelativeUrls) {
+export function isValidUrl(val: unknown): val is string {
+  if (!val) {
     return false;
   }
 
   try {
-    new URL(val as string, includeRelativeUrls ? DUMMY_URL_BASE : undefined);
+    new URL(val as string);
     return true;
   } catch (e) {
     return false;
   }
 }
 
+export function relativeToAbsoluteUrl(url: string, origin: string | URL): string {
+  if (isValidUrl(url)) {
+    return url;
+  }
+  return new URL(url, origin).href;
+}
+
+export function isRelativeUrl(val: unknown): val is string {
+  if (val !== val && !val) {
+    return false;
+  }
+  try {
+    const temp = new URL(val as string, DUMMY_URL_BASE);
+    return temp.origin === DUMMY_URL_BASE;
+  } catch (e) {
+    return false;
+  }
+}
+
 export function isDataUri(val?: string): val is string {
   if (!isValidUrl(val)) {
     return false;
@@ -328,28 +346,29 @@ export function requiresUserInput(redirectUrl: string): boolean {
   return frontendApiRedirectPathsWithUserInput.includes(url.pathname);
 }
 
-export const isAllowedRedirectOrigin = (_url: string, allowedRedirectOrigins: Array<string | RegExp> | undefined) => {
-  if (!allowedRedirectOrigins) {
-    return true;
-  }
+export const isAllowedRedirectOrigin =
+  (allowedRedirectOrigins: Array<string | RegExp> | undefined) => (_url: string) => {
+    if (!allowedRedirectOrigins) {
+      return true;
+    }
 
-  const url = new URL(_url, DUMMY_URL_BASE);
-  const isRelativeUrl = url.origin === DUMMY_URL_BASE;
-  if (isRelativeUrl) {
-    return true;
-  }
+    const url = new URL(_url, DUMMY_URL_BASE);
+    const isRelativeUrl = url.origin === DUMMY_URL_BASE;
+    if (isRelativeUrl) {
+      return true;
+    }
 
-  const isAllowed = allowedRedirectOrigins
-    .map(origin => (typeof origin === 'string' ? globs.toRegexp(trimTrailingSlash(origin)) : origin))
-    .some(origin => origin.test(trimTrailingSlash(url.origin)));
+    const isAllowed = allowedRedirectOrigins
+      .map(origin => (typeof origin === 'string' ? globs.toRegexp(trimTrailingSlash(origin)) : origin))
+      .some(origin => origin.test(trimTrailingSlash(url.origin)));
 
-  if (!isAllowed) {
-    console.warn(
-      `Clerk: Redirect URL ${url} is not on one of the allowedRedirectOrigins, falling back to the default redirect URL.`,
-    );
-  }
-  return isAllowed;
-};
+    if (!isAllowed) {
+      console.warn(
+        `Clerk: Redirect URL ${url} is not on one of the allowedRedirectOrigins, falling back to the default redirect URL.`,
+      );
+    }
+    return isAllowed;
+  };
 
 export function createAllowedRedirectOrigins(
   allowedRedirectOrigins: Array<string | RegExp> | undefined,
@@ -369,3 +388,16 @@ export function createAllowedRedirectOrigins(
 
   return origins;
 }
+
+export const isCrossOrigin = (url: string | URL, origin: string | URL = window.location.origin): boolean => {
+  try {
+    if (isRelativeUrl(url)) {
+      return false;
+    }
+    const urlOrigin = new URL(url).origin;
+    const originOrigin = new URL(origin).origin;
+    return urlOrigin !== originOrigin;
+  } catch (e) {
+    return false;
+  }
+};

packages/clerk-js/src/utils/redirectUrls.ts

@@ -15,8 +15,10 @@ declare global {
       NEXT_PUBLIC_CLERK_PROXY_URL: string | undefined;
       NEXT_PUBLIC_CLERK_SIGN_IN_URL: string | undefined;
       NEXT_PUBLIC_CLERK_SIGN_UP_URL: string | undefined;
-      NEXT_PUBLIC_CLERK_AFTER_SIGN_IN_URL: string | undefined;
-      NEXT_PUBLIC_CLERK_AFTER_SIGN_UP_URL: string | undefined;
+      NEXT_PUBLIC_CLERK_SIGN_IN_FORCE_REDIRECT_URL: string | undefined;
+      NEXT_PUBLIC_CLERK_SIGN_UP_FORCE_REDIRECT_URL: string | undefined;
+      NEXT_PUBLIC_CLERK_SIGN_IN_FALLBACK_REDIRECT_URL: string | undefined;
+      NEXT_PUBLIC_CLERK_SIGN_UP_FALLBACK_REDIRECT_URL: string | undefined;
     }
   }
 }

packages/clerk-js/src/utils/url.ts

@@ -15,8 +15,14 @@ export const mergeNextClerkPropsWithEnv = (props: Omit<NextClerkProviderProps, '
     isSatellite: props.isSatellite || isTruthy(process.env.NEXT_PUBLIC_CLERK_IS_SATELLITE),
     signInUrl: props.signInUrl || process.env.NEXT_PUBLIC_CLERK_SIGN_IN_URL || '',
     signUpUrl: props.signUpUrl || process.env.NEXT_PUBLIC_CLERK_SIGN_UP_URL || '',
-    afterSignInUrl: props.afterSignInUrl || process.env.NEXT_PUBLIC_CLERK_AFTER_SIGN_IN_URL || '',
-    afterSignUpUrl: props.afterSignUpUrl || process.env.NEXT_PUBLIC_CLERK_AFTER_SIGN_UP_URL || '',
+    signInForceRedirectUrl:
+      props.signInForceRedirectUrl || process.env.NEXT_PUBLIC_CLERK_SIGN_IN_FORCE_REDIRECT_URL || '',
+    signUpForceRedirectUrl:
+      props.signUpForceRedirectUrl || process.env.NEXT_PUBLIC_CLERK_SIGN_UP_FORCE_REDIRECT_URL || '',
+    signInFallbackRedirectUrl:
+      props.signInFallbackRedirectUrl || process.env.NEXT_PUBLIC_CLERK_SIGN_IN_FALLBACK_REDIRECT_URL || '',
+    signUpFallbackRedirectUrl:
+      props.signUpFallbackRedirectUrl || process.env.NEXT_PUBLIC_CLERK_SIGN_UP_FALLBACK_REDIRECT_URL || '',
     telemetry: props.telemetry ?? {
       disabled: isTruthy(process.env.NEXT_PUBLIC_CLERK_TELEMETRY_DISABLED),
       debug: isTruthy(process.env.NEXT_PUBLIC_CLERK_TELEMETRY_DEBUG),

packages/nextjs/src/global.d.ts

@@ -5,13 +5,14 @@ import { assertSingleChild, normalizeWithDefaultValue, safeExecute } from '../ut
 import { withClerk } from './withClerk';
 
 export const SignInButton = withClerk(({ clerk, children, ...props }: WithClerkProp<SignInButtonProps>) => {
-  const { afterSignInUrl, afterSignUpUrl, redirectUrl, mode, ...rest } = props;
+  const { signUpFallbackRedirectUrl, forceRedirectUrl, fallbackRedirectUrl, signUpForceRedirectUrl, mode, ...rest } =
+    props;
 
   children = normalizeWithDefaultValue(children, 'Sign in');
   const child = assertSingleChild(children)('SignInButton');
 
   const clickHandler = () => {
-    const opts = { afterSignInUrl, afterSignUpUrl, redirectUrl };
+    const opts = { signUpFallbackRedirectUrl, forceRedirectUrl, fallbackRedirectUrl, signUpForceRedirectUrl };
     if (mode === 'modal') {
       return clerk.openSignIn(opts);
     }

packages/nextjs/src/utils/mergeNextClerkPropsWithEnv.ts

@@ -15,7 +15,7 @@ export const SignInWithMetamaskButton = withClerk(
     // eslint-disable-next-line @typescript-eslint/require-await
     const clickHandler = async () => {
       async function authenticate() {
-        await clerk.authenticateWithMetamask({ redirectUrl });
+        await clerk.authenticateWithMetamask({ redirectUrl: redirectUrl || undefined });
       }
       void authenticate();
     };

packages/react/src/components/SignInButton.tsx

@@ -5,13 +5,27 @@ import { assertSingleChild, normalizeWithDefaultValue, safeExecute } from '../ut
 import { withClerk } from './withClerk';
 
 export const SignUpButton = withClerk(({ clerk, children, ...props }: WithClerkProp<SignUpButtonProps>) => {
-  const { afterSignInUrl, afterSignUpUrl, redirectUrl, mode, unsafeMetadata, ...rest } = props;
+  const {
+    fallbackRedirectUrl,
+    forceRedirectUrl,
+    signInFallbackRedirectUrl,
+    signInForceRedirectUrl,
+    mode,
+    unsafeMetadata,
+    ...rest
+  } = props;
 
   children = normalizeWithDefaultValue(children, 'Sign up');
   const child = assertSingleChild(children)('SignUpButton');
 
   const clickHandler = () => {
-    const opts = { afterSignInUrl, afterSignUpUrl, redirectUrl, unsafeMetadata };
+    const opts = {
+      fallbackRedirectUrl,
+      forceRedirectUrl,
+      signInFallbackRedirectUrl,
+      signInForceRedirectUrl,
+      unsafeMetadata,
+    };
 
     if (mode === 'modal') {
       return clerk.openSignUp(opts);

packages/react/src/components/SignInWithMetamaskButton.tsx

@@ -46,34 +46,34 @@ describe('<SignInButton/>', () => {
     expect(mockRedirectToSignIn).toHaveBeenCalled();
   });
 
-  it('handles redirectUrl prop', async () => {
-    render(<SignInButton redirectUrl={url} />);
+  it('handles forceRedirectUrl prop', async () => {
+    render(<SignInButton forceRedirectUrl={url} />);
 
     const btn = screen.getByText('Sign in');
     await userEvent.click(btn);
 
-    expect(mockRedirectToSignIn).toHaveBeenCalledWith({ redirectUrl: url });
+    expect(mockRedirectToSignIn).toHaveBeenCalledWith({ forceRedirectUrl: url });
   });
 
-  it('handles afterSignInUrl prop', async () => {
-    render(<SignInButton afterSignInUrl={url} />);
+  it('handles forceRedirectUrl prop', async () => {
+    render(<SignInButton forceRedirectUrl={url} />);
 
     const btn = screen.getByText('Sign in');
     await userEvent.click(btn);
 
     expect(mockRedirectToSignIn).toHaveBeenCalledWith({
-      afterSignInUrl: url,
+      forceRedirectUrl: url,
     });
   });
 
-  it('handles afterSignUpUrl prop', async () => {
-    render(<SignInButton afterSignUpUrl={url} />);
+  it('handles signUpForceRedirectUrl prop', async () => {
+    render(<SignInButton signUpForceRedirectUrl={url} />);
 
     const btn = screen.getByText('Sign in');
     await userEvent.click(btn);
 
     expect(mockRedirectToSignIn).toHaveBeenCalledWith({
-      afterSignUpUrl: url,
+      signUpForceRedirectUrl: url,
     });
   });
 

packages/react/src/components/SignUpButton.tsx

@@ -48,33 +48,33 @@ describe('<SignUpButton/>', () => {
     });
   });
 
-  it('handles redirectUrl prop', async () => {
-    render(<SignUpButton redirectUrl={url} />);
+  it('handles forceRedirectUrl prop', async () => {
+    render(<SignUpButton forceRedirectUrl={url} />);
     const btn = screen.getByText('Sign up');
     userEvent.click(btn);
     await waitFor(() => {
-      expect(mockRedirectToSignUp).toHaveBeenCalledWith({ redirectUrl: url });
+      expect(mockRedirectToSignUp).toHaveBeenCalledWith({ forceRedirectUrl: url });
     });
   });
 
-  it('handles afterSignUpUrl prop', async () => {
-    render(<SignUpButton afterSignUpUrl={url} />);
+  it('handles forceRedirectUrl prop', async () => {
+    render(<SignUpButton forceRedirectUrl={url} />);
     const btn = screen.getByText('Sign up');
     userEvent.click(btn);
     await waitFor(() => {
       expect(mockRedirectToSignUp).toHaveBeenCalledWith({
-        afterSignUpUrl: url,
+        forceRedirectUrl: url,
       });
     });
   });
 
-  it('handles afterSignUpUrl prop', async () => {
-    render(<SignUpButton afterSignUpUrl={url} />);
+  it('handles forceRedirectUrl prop', async () => {
+    render(<SignUpButton forceRedirectUrl={url} />);
     const btn = screen.getByText('Sign up');
     userEvent.click(btn);
     await waitFor(() => {
       expect(mockRedirectToSignUp).toHaveBeenCalledWith({
-        afterSignUpUrl: url,
+        forceRedirectUrl: url,
       });
     });
   });

packages/react/src/components/__tests__/SignInButton.test.tsx

@@ -6,8 +6,11 @@ import type {
   InitialState,
   LoadedClerk,
   MultiDomainAndOrProxy,
+  RedirectUrlProp,
   SDKMetadata,
+  SignInProps,
   SignInRedirectOptions,
+  SignUpProps,
   SignUpRedirectOptions,
   Without,
 } from '@clerk/types';
@@ -74,20 +77,25 @@ export type ClerkProp =
   | null;
 
 type ButtonProps = {
-  afterSignInUrl?: string;
-  afterSignUpUrl?: string;
-  redirectUrl?: string;
   mode?: 'redirect' | 'modal';
   children?: React.ReactNode;
 };
 
-export type SignInButtonProps = ButtonProps;
+export type SignInButtonProps = ButtonProps &
+  Pick<
+    SignInProps,
+    'fallbackRedirectUrl' | 'forceRedirectUrl' | 'signUpForceRedirectUrl' | 'signUpFallbackRedirectUrl'
+  >;
 
-export interface SignUpButtonProps extends ButtonProps {
+export type SignUpButtonProps = {
   unsafeMetadata?: SignUpUnsafeMetadata;
-}
+} & ButtonProps &
+  Pick<
+    SignUpProps,
+    'fallbackRedirectUrl' | 'forceRedirectUrl' | 'signInForceRedirectUrl' | 'signInFallbackRedirectUrl'
+  >;
 
-export type SignInWithMetamaskButtonProps = Pick<ButtonProps, 'redirectUrl' | 'children'>;
+export type SignInWithMetamaskButtonProps = ButtonProps & RedirectUrlProp;
 
 export type RedirectToSignInProps = SignInRedirectOptions;
 export type RedirectToSignUpProps = SignUpRedirectOptions;

packages/react/src/components/__tests__/SignUpButton.test.tsx

@@ -5,3 +5,33 @@ export const without = <T extends object, P extends keyof T>(obj: T, ...props: P
   }
   return copy;
 };
+
+export const removeUndefined = <T extends object>(obj: T): Partial<T> => {
+  return Object.entries(obj).reduce((acc, [key, value]) => {
+    if (value !== undefined && value !== null) {
+      acc[key as keyof T] = value;
+    }
+    return acc;
+  }, {} as Partial<T>);
+};
+
+export const applyFunctionToObj = <T extends Record<string, any>, R>(
+  obj: T,
+  fn: (val: any, key: string) => R,
+): Record<string, R> => {
+  const result = {} as Record<string, R>;
+  for (const key in obj) {
+    result[key] = fn(obj[key], key);
+  }
+  return result;
+};
+
+export const filterProps = <T extends Record<string, any>>(obj: T, filter: (a: any) => boolean): T => {
+  const result = {} as T;
+  for (const key in obj) {
+    if (obj[key] && filter(obj[key])) {
+      result[key] = obj[key];
+    }
+  }
+  return result;
+};

packages/react/src/types.ts

@@ -16,6 +16,15 @@ import type { LocalizationResource } from './localization';
 import type { OAuthProvider, OAuthScope } from './oauth';
 import type { OrganizationResource } from './organization';
 import type { OrganizationCustomRoleKey } from './organizationMembership';
+import type {
+  AfterSignOutUrl,
+  RedirectOptions,
+  RedirectUrlProp,
+  SignInFallbackRedirectUrl,
+  SignInForceRedirectUrl,
+  SignUpFallbackRedirectUrl,
+  SignUpForceRedirectUrl,
+} from './redirects';
 import type { ActiveSessionResource } from './session';
 import type { UserResource } from './user';
 import type { Autocomplete, DeepPartial, DeepSnakeToCamel } from './utils';
@@ -466,57 +475,46 @@ export interface Clerk {
   handleUnauthenticated: () => Promise<unknown>;
 }
 
-export type HandleOAuthCallbackParams = AfterActionURLs & {
-  /**
-   * Full URL or path where the SignIn component is mounted.
-   */
-  signInUrl?: string;
-  /**
-   * Full URL or path where the SignUp component is mounted.
-   */
-  signUpUrl?: string;
-  /**
-   * Full URL or path to navigate after successful sign in
-   * or sign up.
-   *
-   * The same as setting afterSignInUrl and afterSignUpUrl
-   * to the same value.
-   */
-  redirectUrl?: string | null;
-
-  /**
-   * Full URL or path to navigate during sign in,
-   * if identifier verification is required.
-   */
-  firstFactorUrl?: string;
-
-  /**
-   * Full URL or path to navigate during sign in,
-   * if 2FA is enabled.
-   */
-  secondFactorUrl?: string;
-
-  /**
-   * Full URL or path to navigate during sign in,
-   * if the user is required to reset their password.
-   */
-  resetPasswordUrl?: string;
-
-  /**
-   * Full URL or path to navigate after an incomplete sign up.
-   */
-  continueSignUpUrl?: string | null;
-
-  /**
-   * Full URL or path to navigate after requesting email verification.
-   */
-  verifyEmailAddressUrl?: string | null;
-
-  /**
-   * Full URL or path to navigate after requesting phone verification.
-   */
-  verifyPhoneNumberUrl?: string | null;
-};
+export type HandleOAuthCallbackParams = SignInForceRedirectUrl &
+  SignInFallbackRedirectUrl &
+  SignUpForceRedirectUrl &
+  SignUpFallbackRedirectUrl & {
+    /**
+     * Full URL or path where the SignIn component is mounted.
+     */
+    signInUrl?: string;
+    /**
+     * Full URL or path where the SignUp component is mounted.
+     */
+    signUpUrl?: string;
+    /**
+     * Full URL or path to navigate during sign in,
+     * if identifier verification is required.
+     */
+    firstFactorUrl?: string;
+    /**
+     * Full URL or path to navigate during sign in,
+     * if 2FA is enabled.
+     */
+    secondFactorUrl?: string;
+    /**
+     * Full URL or path to navigate during sign in,
+     * if the user is required to reset their password.
+     */
+    resetPasswordUrl?: string;
+    /**
+     * Full URL or path to navigate after an incomplete sign up.
+     */
+    continueSignUpUrl?: string | null;
+    /**
+     * Full URL or path to navigate after requesting email verification.
+     */
+    verifyEmailAddressUrl?: string | null;
+    /**
+     * Full URL or path to navigate after requesting phone verification.
+     */
+    verifyPhoneNumberUrl?: string | null;
+  };
 
 export type HandleSamlCallbackParams = HandleOAuthCallbackParams;
 
@@ -541,7 +539,11 @@ type ClerkOptionsNavigation =
     };
 
 export type ClerkOptions = ClerkOptionsNavigation &
-  AfterActionURLs & {
+  SignInForceRedirectUrl &
+  SignInFallbackRedirectUrl &
+  SignUpForceRedirectUrl &
+  SignUpFallbackRedirectUrl &
+  AfterSignOutUrl & {
     appearance?: Appearance;
     localization?: LocalizationResource;
     polling?: boolean;
@@ -555,7 +557,6 @@ export type ClerkOptions = ClerkOptionsNavigation &
     signUpUrl?: string;
     allowedRedirectOrigins?: Array<string | RegExp>;
     isSatellite?: boolean | ((url: URL) => boolean);
-
     /**
      * Telemetry options
      */
@@ -628,48 +629,21 @@ export type SignUpInitialValues = {
   username?: string;
 };
 
-type AfterActionURLs = {
-  /**
-   * Full URL or path to navigate after successful sign in.
-   */
-  afterSignInUrl?: string | null;
-
-  /**
-   * Full URL or path to navigate after successful sign up.
-   * Sets the afterSignUpUrl if the "Sign up" link is clicked.
-   */
-  afterSignUpUrl?: string | null;
-
-  /**
-   * Full URL or path to navigate after successful sign out.
-   */
-  afterSignOutUrl?: string | null;
-};
-
-export type RedirectOptions = AfterActionURLs & {
-  /**
-   * Full URL or path to navigate after successful sign in,
-   * or sign up.
-   *
-   * The same as setting afterSignInUrl and afterSignUpUrl
-   * to the same value.
-   */
-  redirectUrl?: string | null;
-};
-
-export type SignInRedirectOptions = RedirectOptions & {
-  /**
-   * Initial values that are used to prefill the sign in form.
-   */
-  initialValues?: SignInInitialValues;
-};
+export type SignInRedirectOptions = RedirectOptions &
+  RedirectUrlProp & {
+    /**
+     * Initial values that are used to prefill the sign in form.
+     */
+    initialValues?: SignInInitialValues;
+  };
 
-export type SignUpRedirectOptions = RedirectOptions & {
-  /**
-   * Initial values that are used to prefill the sign up form.
-   */
-  initialValues?: SignUpInitialValues;
-};
+export type SignUpRedirectOptions = RedirectOptions &
+  RedirectUrlProp & {
+    /**
+     * Initial values that are used to prefill the sign up form.
+     */
+    initialValues?: SignUpInitialValues;
+  };
 
 export type SetActiveParams = {
   /**
@@ -698,6 +672,34 @@ export type RoutingOptions =
   | { path?: never; routing?: Extract<RoutingStrategy, 'hash' | 'virtual'> };
 
 export type SignInProps = RoutingOptions & {
+  /**
+   * Full URL or path to navigate after successful sign in.
+   * This value has precedence over other redirect props, environment variables or search params.
+   * Use this prop to override the redirect URL when needed.
+   * @default undefined
+   */
+  forceRedirectUrl?: string | null;
+  /**
+   * Full URL or path to navigate after successful sign in.
+   * This value is used when no other redirect props, environment variables or search params are present.
+   * @default undefined
+   */
+  fallbackRedirectUrl?: string | null;
+  /**
+   * Full URL or path to navigate after successful sign up, triggered through the <SignIn/> component,
+   * for example, when the user clicks the "Sign up" link or signs up using OAuth.
+   * This value has precedence over other redirect props, environment variables or search params.
+   * Use this prop to override the redirect URL when needed.
+   * @default undefined
+   */
+  signUpForceRedirectUrl?: string | null;
+  /**
+   * Full URL or path to navigate after successful sign up, triggered through the <SignIn/> component,
+   * for example, when the user clicks the "Sign up" link or signs up using OAuth.
+   * This value is used when no other redirect props, environment variables or search params are present.
+   * @default undefined
+   */
+  signUpFallbackRedirectUrl?: string | null;
   /**
    * Full URL or path to for the sign up process.
    * Used to fill the "Sign up" link in the SignUp component.
@@ -713,7 +715,7 @@ export type SignInProps = RoutingOptions & {
    * Initial values that are used to prefill the sign in form.
    */
   initialValues?: SignInInitialValues;
-} & RedirectOptions;
+} & AfterSignOutUrl;
 
 export type SignInModalProps = WithoutRouting<SignInProps>;
 
@@ -723,6 +725,34 @@ export type OneTapProps = {
 };
 
 export type SignUpProps = RoutingOptions & {
+  /**
+   * Full URL or path to navigate after successful sign up.
+   * This value has precedence over other redirect props, environment variables or search params.
+   * Use this prop to override the redirect URL when needed.
+   * @default undefined
+   */
+  forceRedirectUrl?: string | null;
+  /**
+   * Full URL or path to navigate after successful sign up.
+   * This value is used when no other redirect props, environment variables or search params are present.
+   * @default undefined
+   */
+  fallbackRedirectUrl?: string | null;
+  /**
+   * Full URL or path to navigate after successful sign up, triggered through the <SignUp/> component,
+   * for example, when the user clicks the "Sign in" link or signs up using OAuth.
+   * This value has precedence over other redirect props, environment variables or search params.
+   * Use this prop to override the redirect URL when needed.
+   * @default undefined
+   */
+  signInForceRedirectUrl?: string | null;
+  /**
+   * Full URL or path to navigate after successful sign up, triggered through the <SignUp/> component,
+   * for example, when the user clicks the "Sign in" link or signs up using OAuth.
+   * This value is used when no other redirect props, environment variables or search params are present.
+   * @default undefined
+   */
+  signInFallbackRedirectUrl?: string | null;
   /**
    * Full URL or path to for the sign in process.
    * Used to fill the "Sign in" link in the SignUp component.
@@ -743,7 +773,7 @@ export type SignUpProps = RoutingOptions & {
    * Initial values that are used to prefill the sign up form.
    */
   initialValues?: SignUpInitialValues;
-} & RedirectOptions;
+} & AfterSignOutUrl;
 
 export type SignUpModalProps = WithoutRouting<SignUpProps>;
 

packages/shared/src/object.ts

@@ -1,5 +1,21 @@
 import type { OAuthStrategy, SamlStrategy } from './strategies';
 
+export type AfterSignOutUrl = {
+  /**
+   * Full URL or path to navigate after successful sign out.
+   */
+  afterSignOutUrl?: string | null;
+};
+
+/**
+ * Redirect URLs for different actions.
+ * Mainly used to be used to type internal Clerk functions.
+ */
+export type RedirectOptions = SignInForceRedirectUrl &
+  SignInFallbackRedirectUrl &
+  SignUpForceRedirectUrl &
+  SignUpFallbackRedirectUrl;
+
 export type AuthenticateWithRedirectParams = {
   /**
    * Full URL or path to the route that will complete the OAuth or SAML flow.
@@ -34,3 +50,48 @@ export type AuthenticateWithRedirectParams = {
    */
   emailAddress?: string;
 };
+
+export type RedirectUrlProp = {
+  /**
+   * Full URL or path to navigate after a successful action.
+   */
+  redirectUrl?: string | null;
+};
+
+export type SignUpForceRedirectUrl = {
+  /**
+   * Full URL or path to navigate after successful sign up.
+   * This value has precedence over other redirect props, environment variables or search params.
+   * Use this prop to override the redirect URL when needed.
+   * @default undefined
+   */
+  signUpForceRedirectUrl?: string | null;
+};
+
+export type SignUpFallbackRedirectUrl = {
+  /**
+   * Full URL or path to navigate after successful sign up.
+   * This value is used when no other redirect props, environment variables or search params are present.
+   * @default undefined
+   */
+  signUpFallbackRedirectUrl?: string | null;
+};
+
+export type SignInFallbackRedirectUrl = {
+  /**
+   * Full URL or path to navigate after successful sign in.
+   * This value is used when no other redirect props, environment variables or search params are present.
+   * @default undefined
+   */
+  signInFallbackRedirectUrl?: string | null;
+};
+
+export type SignInForceRedirectUrl = {
+  /**
+   * Full URL or path to navigate after successful sign in.
+   * This value has precedence over other redirect props, environment variables or search params.
+   * Use this prop to override the redirect URL when needed.
+   * @default undefined
+   */
+  signInForceRedirectUrl?: string | null;
+};